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28 «AR 1985 


MEMORANDUM FOR: Deputy Director for Operations 

FROM: Harry E. Fitzwater 

Deputy Director for Administration 

SUBJECT: Evaluation of the Agency's Information 

Security Program 




1. Attached for your information is the Information Security Oversight 
Office's (ISOO) report on its FY 1984 inspections of the Agency's 
information security program. As you will note, the ISOO inspections 
focused on the review of classified documents for proper classification and 
markings, safeguarding procedures, information security training programs, 
and the degree of understanding by Agency personnel in making original and 
derivative classification decisions. With the exception of some 
inconsistencies in classification markings, ISOO found that CIA met or 
exceeded the standards established by Executive Order 12356 and its 
implementing directive. 


2. Please express my appreciation to of NE Division 

for her coo peration and the excellent briefing she provided during this 
inspection. 


Harry E. Fitzwater 


25X1 

25X1 

25X1 


Attachment: 
As Stated 


UNCLASSIFIED Except Where 
Marked 


25X1 


C-O-N-F-I-D-E-N-T-I-A-L 
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DDA/OIS/IRMD/IMI 


dew 


(21 March 1985) 


Distribution: 

Original - Addressee 

1 ^ DDA Chrono w/att 
1 - OIS Chrono w/att 
1 - IRMD Chrono 
1 - IMB Chrono 
1 - IMB Subject 


25X1 


Sanitized Copy Approved for Release 2010/06/07 : CIA-RDP88G00186R001 001 30001 2-8 




Sanitized Copy Approved for Release 2010/06/07 : CIA-RDP88G00186R001001300012-8 


Report of Inspection by 
The Infontation Security Oversight Office 

of the 

Central Intelligence Agency 


I. 


fifinerAl 


II. 


On March 15, May 3 and August 28, 1984, 

Program Analyst, Information Security Oversight Office 
(ISOO), inspected the Central Intelligence Agency's (CIA) 
information security pr ogram to ev aluate its compliance with 


Branch. 


was accompanied by CIA 
Chief, Information Management 
ISOO's FY 1984 ins^ctions continued to concentrate 


Executi ve Order 12356. 
liaison 


on agency training programs; marking and safeguarding; and 
in particular, focused on the degree of understanding CIA 
personnel had of relevant provisions of E.O. 12356 as they 
relate to original and derivative classification. 

Findings 

A. Classification/Markinq 


STAT 


STAT 

STAT 


The agency continues to use its classification guide 
as a basis for its derivative classification. CIA 
procedures for using the guide as a basis for a 
derivative classification are more effective than 
procedures in most other agencies because CIA officials 
marking the documents are required to identify the 
specific item in the guide. This procedure facilitates 
the conduct of audit trails to determine if the level stat 
and duration assignments are proper. 
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B. Training 

Personnel responsible for the classifying and marking 
of documents continue to receive effective initial and 
refresher training. Immediate corrections are made 
when errors in marking procedures are detected. 

Training in the handling, safeguarding and use of 
classified information is an ongoing program with 

refresher sessions and constant observation. 

C. Safeguarding 

The agency has excellent procedures for the trans- 
mittal, storage and handling of classified information. 
Programs and procedures are constantly reviewed to 
determine if they require upgrading or modification. 
Individual offices have strict programs for the 
checking and control of classified information in their 
possession. No deficiency was detected during the 
course of the inspections. 

III. Conclusion 


The Central Intelligence Agency's information security 
program is in c ompliance with the Executive Order an<^ i-Kc 

T\ .f ^ • I 


ISOO Directive. 






STAT 


STAT 

STAT 
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IV. KecQmcndatlQnE 


nocuments sho uld be periodically checked! | 

to determine if they are in compliance with the 
Order. »men^def iciencies are detected, the responsible 
official should be notified and errors corrected. 


STAT 

STAT 
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